|Release Date:||2014-11-07 (Last update can be found below the document title)|
|Description:||Multiple stored XSS vulnerabilities|
|Criticality Level:||Moderately Critical ( Less Critical < Critical < Moderately Critical < Highly Critical )|
|Impact:||Insertion of arbitrary HTML code|
|Systems Affected:||Canvas LMS|
|Discovered By:||Internal audit|
During a routine security audit of the Canvas code base and platform, a number of cross site scripting vulnerabilities were identified. Once identified and confirmed, these vulnerabilities were patched by the Instructure engineering team.
All systems were patched as of 15:32 MT on 11/6/2014